Plusieurs processus explorer.exe
Dernière réponse : dans Sécurité
Bonjour à toutes et à tous,
J'ai un problème au niveau de mes processus. En effet, dans l'onglet processus du gestionnaire des tâches explorer.exe apparrait plusieur fois. De plus, microsoft windows me génére des rapport d'erreur et qu'un programme du nom de SetCryptin à cesser de fonctionner. Or, qd je mets "fermer le programme" le message de microsoft windows réapparrait indéfiniment.
Est ce à cause d'un virus??
Merci d'avance pour votre aide
J'ai un problème au niveau de mes processus. En effet, dans l'onglet processus du gestionnaire des tâches explorer.exe apparrait plusieur fois. De plus, microsoft windows me génére des rapport d'erreur et qu'un programme du nom de SetCryptin à cesser de fonctionner. Or, qd je mets "fermer le programme" le message de microsoft windows réapparrait indéfiniment.
Est ce à cause d'un virus??
Merci d'avance pour votre aide
Autres pages sur : plusieurs processus explorer exe
Lassé par la pub ? Créez un compte
voici le rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:42, on 13/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Users\Taha\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [HKCU] C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9153 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:42, on 13/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Users\Taha\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [HKCU] C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9153 bytes
Salut
Le problème c'est le faux explorer.exe (C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe ) dont le processus est lacé plusieurs fois, et qui se lance au démarrage du système (O4 - HKCU\..\Run: [HKCU] C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe ).
J'ai eu le meme problème, et rien ni avast ni Malwarebytes ne trouvaient de problème... donc le plus simple c'est de le supprimer manuellement.
Tu reboot en mode sans echec et tu supprimes le dossier C:\Users\Taha\AppData\Roaming\WinX2L2K2
Tu peux aussi faire un petit msconfig (demarrer>executer>msconfig, ou tape direct msconfig dans la barre de recherche du menu démarrer), dans l'onglet démarrage tu recherches notre explorer.exe (il n'aura sans doute pas ce nom la, mais recherche C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe dans la colonne commande).
un petit redémarrage et ca devrait etre réglé!
Le problème c'est le faux explorer.exe (C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe ) dont le processus est lacé plusieurs fois, et qui se lance au démarrage du système (O4 - HKCU\..\Run: [HKCU] C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe ).
J'ai eu le meme problème, et rien ni avast ni Malwarebytes ne trouvaient de problème... donc le plus simple c'est de le supprimer manuellement.
Tu reboot en mode sans echec et tu supprimes le dossier C:\Users\Taha\AppData\Roaming\WinX2L2K2
Tu peux aussi faire un petit msconfig (demarrer>executer>msconfig, ou tape direct msconfig dans la barre de recherche du menu démarrer), dans l'onglet démarrage tu recherches notre explorer.exe (il n'aura sans doute pas ce nom la, mais recherche C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe dans la colonne commande).
un petit redémarrage et ca devrait etre réglé!
Salut oliveretta, j'ai testé la solution du msconfig et ca n'a pas marché,
voici ma capture d'écran pour tom http://img534.imageshack.us/i/captureecran.jpg/
voici ma capture d'écran pour tom http://img534.imageshack.us/i/captureecran.jpg/
Bonjour
ça semble pas vraiment t'affoler de voir que des faux explorer tournent en permanence sur ton pc...![:o]( ":o")
Télécharge![]()
DDS et sauvegarde-le sur ton bureau.
Désactive tout script bloquant, tels qu'un antivirus, un logiciel comme ad-block, noscript etc.
Double-clique sur dds.scr pour lancer l'outil.
Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .
Clique Oui à la prochaine invite Optional Scan.
Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.
ça semble pas vraiment t'affoler de voir que des faux explorer tournent en permanence sur ton pc...
Télécharge
DDS et sauvegarde-le sur ton bureau.
Bonsoir Sham_Rock,
voici le rapport DDS comme convenu, c'est vrai que j'ai laisser trainer le problème un peu trop longtemps![:lol:]( ":lol:")
DDS (Ver_10-10-31.01) - NTFSx86
Run by Taha at 18:43:46,90 on 02/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.993 [GMT 1:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Users\Taha\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbfcoms.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Taha\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://g.msn.fr/0SEFRFR/SAOS02
mStart Page = hxxp://fr.fr.acer.yahoo.com
mDefault_Page_URL = hxxp://fr.fr.acer.yahoo.com
uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HKCU] c:\users\taha\appdata\roaming\winx2l2k2\explorer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] Skytel.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-19 340592]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-11-9 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688]
R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-2-19 67904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-6-28 33792]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-19 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-19 42424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-3-11 1527900]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-25 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-19 64432]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-11-02 09:25:50 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bd58536f-e862-412b-8178-7841902e56c3}\mpengine.dll
2010-10-27 09:34:18 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 09:34:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-16 00:28:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-16 00:28:18 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-15 00:18:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17:40 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-15 00:17:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17:03 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16:45 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-15 00:16:45 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16:41 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16:39 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16:33 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16:28 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16:25 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16:20 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15:57 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15:55 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51:43 -------- d-----w- c:\users\taha\appdata\roaming\Apowersoft
2010-10-05 17:53:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53:19 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53:19 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53:19 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53:19 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2010-10-05 17:53:18 -------- d-----w- c:\users\taha\appdata\roaming\FreeFLVConverter
==================== Find3M ====================
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 08:59:22 175104 ----a-w- c:\users\taha\appdata\roaming\Taha3SQLite3.dll
============= FINISH: 18:45:34,81 ===============
voici le rapport DDS comme convenu, c'est vrai que j'ai laisser trainer le problème un peu trop longtemps
DDS (Ver_10-10-31.01) - NTFSx86
Run by Taha at 18:43:46,90 on 02/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.993 [GMT 1:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Users\Taha\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbfcoms.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Taha\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://g.msn.fr/0SEFRFR/SAOS02
mStart Page = hxxp://fr.fr.acer.yahoo.com
mDefault_Page_URL = hxxp://fr.fr.acer.yahoo.com
uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HKCU] c:\users\taha\appdata\roaming\winx2l2k2\explorer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] Skytel.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-19 340592]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-11-9 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688]
R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-2-19 67904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-6-28 33792]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-19 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-19 42424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-3-11 1527900]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-25 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-19 64432]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-11-02 09:25:50 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bd58536f-e862-412b-8178-7841902e56c3}\mpengine.dll
2010-10-27 09:34:18 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 09:34:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-16 00:28:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-16 00:28:18 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-15 00:18:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17:40 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-15 00:17:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17:03 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16:45 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-15 00:16:45 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16:41 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16:39 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16:33 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16:28 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16:25 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16:20 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15:57 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15:55 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51:43 -------- d-----w- c:\users\taha\appdata\roaming\Apowersoft
2010-10-05 17:53:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53:19 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53:19 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53:19 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53:19 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2010-10-05 17:53:18 -------- d-----w- c:\users\taha\appdata\roaming\FreeFLVConverter
==================== Find3M ====================
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 08:59:22 175104 ----a-w- c:\users\taha\appdata\roaming\Taha3SQLite3.dll
============= FINISH: 18:45:34,81 ===============
re
excuse-moi, ce topic n'est pas marqué de la même façon pour moi, du coup je passe à côté...(si tu vois que je poste sur d'autres sujets et que je te réponds pas, tu peux me mp![;)]( ";)")
)
+++++++++
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :![]()
Combofix
Sauvegarde-le sur ton bureau et pas ailleurs!
Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
<@_@>
excuse-moi, ce topic n'est pas marqué de la même façon pour moi, du coup je passe à côté...(si tu vois que je poste sur d'autres sujets et que je te réponds pas, tu peux me mp
)+++++++++
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
Combofix Sauvegarde-le sur ton bureau et pas ailleurs!
Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
<@_@>
Pas de problème, voici le rapport combofix :
ComboFix 10-11-02.01 - Taha 02/11/2010 20:06:08.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.874 [GMT 1:00]
Lancé depuis: c:\users\Taha\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Recycle
c:\recycle\Drum Tools Demo.aif
c:\recycle\INSTALL.LOG
c:\recycle\Keyboard Shortcuts.pdf
c:\recycle\Menu and Dialog Reference.pdf
c:\recycle\Operation Manual.pdf
c:\recycle\Product Registration.pdf
c:\recycle\Read Me.rtf
c:\recycle\ReCycle.exe
c:\recycle\ReCycleHelp.chm
c:\recycle\Tutorial.rx2
c:\users\Taha\AppData\Roaming\Taha3SQLite3.dll
c:\windows\jestertb.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-02 au 2010-11-02 ))))))))))))))))))))))))))))))))))))
.
2010-11-02 19:14 . 2010-11-02 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 09:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD58536F-E862-412B-8178-7841902E56C3}\mpengine.dll
2010-10-27 09:34 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:34 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-20 10:09 . 2010-10-25 09:27 -------- d-----w- c:\program files\7-Zip
2010-10-16 00:28 . 2010-10-28 09:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-16 00:28 . 2010-10-28 09:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-10-15 00:18 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 00:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-15 00:16 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\users\Taha\AppData\Roaming\Apowersoft
2010-10-05 17:53 . 2010-10-01 13:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53 . 2010-10-05 17:53 -------- d-----w- c:\users\Taha\AppData\Roaming\FreeFLVConverter
2010-10-05 17:53 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-04 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-06-21 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 09:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 09:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 09:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 09:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 11:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-29 07:07 . 2010-02-19 14:09 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
2010-08-05 08:57 794220 --sha-r- c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2009-12-07 12:17 38240 ----a-w- c:\program files\Mindjet\MindManager 8\MmReminderService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-05-24 12:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\VistaCodecPack\QT\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-30 717296]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\Norton Security Scan for Taha.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-20 07:48]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 20:15
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\eNetHook.dll
.
Heure de fin: 2010-11-02 20:18:47
ComboFix-quarantined-files.txt 2010-11-02 19:18
Avant-CF: 1 304 084 480 octets libres
Après-CF: 1 245 179 904 octets libres
- - End Of File - - 28DB99B4A45870DF1C18FAA051A2DFC4
ComboFix 10-11-02.01 - Taha 02/11/2010 20:06:08.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.874 [GMT 1:00]
Lancé depuis: c:\users\Taha\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Recycle
c:\recycle\Drum Tools Demo.aif
c:\recycle\INSTALL.LOG
c:\recycle\Keyboard Shortcuts.pdf
c:\recycle\Menu and Dialog Reference.pdf
c:\recycle\Operation Manual.pdf
c:\recycle\Product Registration.pdf
c:\recycle\Read Me.rtf
c:\recycle\ReCycle.exe
c:\recycle\ReCycleHelp.chm
c:\recycle\Tutorial.rx2
c:\users\Taha\AppData\Roaming\Taha3SQLite3.dll
c:\windows\jestertb.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-02 au 2010-11-02 ))))))))))))))))))))))))))))))))))))
.
2010-11-02 19:14 . 2010-11-02 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 09:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD58536F-E862-412B-8178-7841902E56C3}\mpengine.dll
2010-10-27 09:34 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:34 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-20 10:09 . 2010-10-25 09:27 -------- d-----w- c:\program files\7-Zip
2010-10-16 00:28 . 2010-10-28 09:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-16 00:28 . 2010-10-28 09:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-10-15 00:18 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 00:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-15 00:16 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\users\Taha\AppData\Roaming\Apowersoft
2010-10-05 17:53 . 2010-10-01 13:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53 . 2010-10-05 17:53 -------- d-----w- c:\users\Taha\AppData\Roaming\FreeFLVConverter
2010-10-05 17:53 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-04 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-06-21 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 09:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 09:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 09:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 09:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 11:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-29 07:07 . 2010-02-19 14:09 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
2010-08-05 08:57 794220 --sha-r- c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2009-12-07 12:17 38240 ----a-w- c:\program files\Mindjet\MindManager 8\MmReminderService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-05-24 12:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\VistaCodecPack\QT\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-30 717296]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\Norton Security Scan for Taha.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-20 07:48]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 20:15
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\eNetHook.dll
.
Heure de fin: 2010-11-02 20:18:47
ComboFix-quarantined-files.txt 2010-11-02 19:18
Avant-CF: 1 304 084 480 octets libres
Après-CF: 1 245 179 904 octets libres
- - End Of File - - 28DB99B4A45870DF1C18FAA051A2DFC4
re
1
Copie (Ctrl+C) le texte ci-dessous :
Folder::
C:\Users\Taha\AppData\Roaming\WinX2L2K2
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt
Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
![]()
Combofix se lance, laisse toi guider..
Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
2
Télécharge GMER à partir de ce lien : http://www.gmer.net/files.php - clic sur "Download EXE" et télécharge le fichier sur ton bureau.
Voir le tutorial GMER, ça peut peut-être t'aider : http://www.malekal.com/tutorial_GMER.php
Désactive tes logiciels de protection (antivirus, antispyware etc) et ferme tous les programmes ouverts.
Double-clique sur le fichier GMER téléchargé.
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clique sur l'onglet "rootkit"
A droite, coche tout.
Clique maintenant sur Scan.
Lorsque le scan est terminé, clique sur Copy.
Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton Bureau et poste le contenu ici.
1
Copie (Ctrl+C) le texte ci-dessous :
Folder::
C:\Users\Taha\AppData\Roaming\WinX2L2K2
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt
Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
Ne touche à rien tant que le scan n'est pas terminé.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
2
Télécharge GMER à partir de ce lien : http://www.gmer.net/files.php - clic sur "Download EXE" et télécharge le fichier sur ton bureau.
Voir le tutorial GMER, ça peut peut-être t'aider : http://www.malekal.com/tutorial_GMER.php
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Le rapport doit alors apparaître.
Les "faux" processus explorer.exe ont disparus, voici le rapport de combofix :
ComboFix 10-11-02.01 - Taha 02/11/2010 20:47:40.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.988 [GMT 1:00]
Lancé depuis: c:\users\Taha\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Taha\Documents\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Taha\AppData\Roaming\WinX2L2K2
c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-02 au 2010-11-02 ))))))))))))))))))))))))))))))))))))
.
2010-11-02 19:55 . 2010-11-02 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 09:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD58536F-E862-412B-8178-7841902E56C3}\mpengine.dll
2010-10-27 09:34 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:34 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-20 10:09 . 2010-10-25 09:27 -------- d-----w- c:\program files\7-Zip
2010-10-16 00:28 . 2010-10-28 09:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-16 00:28 . 2010-10-28 09:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-10-15 00:18 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 00:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-15 00:16 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\users\Taha\AppData\Roaming\Apowersoft
2010-10-05 17:53 . 2010-10-01 13:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53 . 2010-10-05 17:53 -------- d-----w- c:\users\Taha\AppData\Roaming\FreeFLVConverter
2010-10-05 17:53 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-04 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-06-21 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 09:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 09:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 09:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 09:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 11:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-29 07:07 . 2010-02-19 14:09 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2009-12-07 12:17 38240 ----a-w- c:\program files\Mindjet\MindManager 8\MmReminderService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-05-24 12:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\VistaCodecPack\QT\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-30 717296]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\Norton Security Scan for Taha.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-20 07:48]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-HKCU - c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 20:56
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\eNetHook.dll
.
Heure de fin: 2010-11-02 20:59:10
ComboFix-quarantined-files.txt 2010-11-02 19:59
ComboFix2.txt 2010-11-02 19:18
Avant-CF: 1 272 045 568 octets libres
Après-CF: 1 231 749 120 octets libres
- - End Of File - - 51FE48C26874CC8F60F0DF36BAD08CCF
ComboFix 10-11-02.01 - Taha 02/11/2010 20:47:40.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.988 [GMT 1:00]
Lancé depuis: c:\users\Taha\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Taha\Documents\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Taha\AppData\Roaming\WinX2L2K2
c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-02 au 2010-11-02 ))))))))))))))))))))))))))))))))))))
.
2010-11-02 19:55 . 2010-11-02 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 09:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD58536F-E862-412B-8178-7841902E56C3}\mpengine.dll
2010-10-27 09:34 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:34 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-20 10:09 . 2010-10-25 09:27 -------- d-----w- c:\program files\7-Zip
2010-10-16 00:28 . 2010-10-28 09:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-16 00:28 . 2010-10-28 09:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-10-15 00:18 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 00:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-15 00:16 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\users\Taha\AppData\Roaming\Apowersoft
2010-10-05 17:53 . 2010-10-01 13:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53 . 2010-10-05 17:53 -------- d-----w- c:\users\Taha\AppData\Roaming\FreeFLVConverter
2010-10-05 17:53 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-04 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-06-21 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 09:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 09:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 09:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 09:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 11:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-29 07:07 . 2010-02-19 14:09 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2009-12-07 12:17 38240 ----a-w- c:\program files\Mindjet\MindManager 8\MmReminderService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-05-24 12:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\VistaCodecPack\QT\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-30 717296]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]
2010-11-02 c:\windows\Tasks\Norton Security Scan for Taha.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-20 07:48]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-HKCU - c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 20:56
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\eNetHook.dll
.
Heure de fin: 2010-11-02 20:59:10
ComboFix-quarantined-files.txt 2010-11-02 19:59
ComboFix2.txt 2010-11-02 19:18
Avant-CF: 1 272 045 568 octets libres
Après-CF: 1 231 749 120 octets libres
- - End Of File - - 51FE48C26874CC8F60F0DF36BAD08CCF
Voici le rapport avec GMER :
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-02 21:58:07
Windows 6.0.6002 Service Pack 2
Running: 3l8s53rl.exe; Driver: C:\Users\Taha\AppData\Local\Temp\pxlcquod.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 85EF2BF8
INT 0x62 ? 85EF2BF8
INT 0x72 ? 8447ABF8
INT 0x82 ? 8447ABF8
INT 0x92 ? 8447ABF8
INT 0x92 ? 8447ABF8
INT 0x92 ? 85EF2BF8
INT 0x92 ? 8447ABF8
INT 0xA2 ? 85EF2BF8
INT 0xB3 ? 85EF2BF8
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8859CFF8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8859D00C]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8859D05E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8859D086]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8859D072]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8859D04A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8859D036]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8859CFE4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8859D022]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8262788D 5 Bytes JMP 8859D062 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8266699A 5 Bytes JMP 8859D03A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8266B04F 5 Bytes JMP 8859CFE8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateUserProcess 8267D9D5 5 Bytes JMP 8859D026 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8269B372 1 Byte [E9]
PAGE ntoskrnl.exe!ZwRestoreKey 8269B372 5 Bytes JMP 8859D076 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8269C576 5 Bytes JMP 8859D08A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 826DA93F 5 Bytes JMP 8859CFFC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 826DA98A 7 Bytes JMP 8859D010 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 826DB443 5 Bytes JMP 8859D04E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\spog.sys Le chemin d'accès spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 8D34341B 5 Bytes JMP 85EF21D8
.text awnsulm0.SYS 887BC000 22 Bytes [82, 63, 42, 82, 6C, 62, 42, ...]
.text awnsulm0.SYS 887BC017 45 Bytes [00, 32, 27, F5, 87, 3D, 25, ...]
.text awnsulm0.SYS 887BC045 135 Bytes [E3, 4A, 82, 4C, FF, 4D, 82, ...]
.text awnsulm0.SYS 887BC0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text awnsulm0.SYS 887BC0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
? C:\Users\Taha\AppData\Local\Temp\mbr.sys Le fichier spécifié est introuvable. !
? C:\Users\Taha\AppData\Local\Temp\catchme.sys Le fichier spécifié est introuvable. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 844792D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [87E79C4C] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [87E79CA0] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87E496D2] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87E49040] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87E497FC] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87E490BE] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87E4913C] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 8447A2D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85EF22D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87E59048] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[NTOSKRNL.exe!KeTickCount] FFFFF104
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 85F892D8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74197817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [741EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7419BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7418F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [741975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7418E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7419DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7418FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7418FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [741871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7421CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [741BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7418D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74186853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7418687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74192AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84E111F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\fastfat \FatCdrom 845FB500
Device \Driver\volmgr \Device\VolMgrControl 8447C1F8
Device \Driver\usbuhci \Device\USBPDO-0 85F021F8
Device \Driver\usbuhci \Device\USBPDO-1 85F021F8
Device \Driver\sptd \Device\3050580583 spog.sys
Device \Driver\usbehci \Device\USBPDO-2 85F031F8
Device \Driver\usbuhci \Device\USBPDO-3 85F021F8
Device \Driver\PCI_PNP6569 \Device\00000054 spog.sys
Device \Driver\usbuhci \Device\USBPDO-4 85F021F8
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 85F021F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E681AA19-620A-46E3-8BE4-854AE145272C} 869B21F8
Device \Driver\usbehci \Device\USBPDO-6 85F031F8
Device \Driver\volmgr \Device\HarddiskVolume1 8447C1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8447C1F8
Device \Driver\cdrom \Device\CdRom0 85FAD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E0F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort2 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort3 84E0F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E101F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 84E101F8
Device \Driver\volmgr \Device\HarddiskVolume3 8447C1F8
Device \Driver\cdrom \Device\CdRom1 85FAD1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 869B21F8
Device \Driver\Smb \Device\NetbiosSmb 869C31F8
Device \Driver\iScsiPrt \Device\RaidPort0 85FE81F8
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 85F021F8
Device \Driver\usbuhci \Device\USBFDO-1 85F021F8
Device \Driver\usbehci \Device\USBFDO-2 85F031F8
Device \Driver\usbuhci \Device\USBFDO-3 85F021F8
Device \Driver\usbuhci \Device\USBFDO-4 85F021F8
Device \Driver\usbuhci \Device\USBFDO-5 85F021F8
Device \Driver\netbt \Device\NetBT_Tcpip_{AA5F1747-800F-4F3F-B4FA-703DE1C18B6D} 869B21F8
Device \Driver\usbehci \Device\USBFDO-6 85F031F8
Device \Driver\awnsulm0 \Device\Scsi\awnsulm01Port5Path0Target0Lun0 85F2E1F8
Device \Driver\awnsulm0 \Device\Scsi\awnsulm01 85F2E1F8
Device \FileSystem\fastfat \Fat 845FB500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\cdfs \Cdfs AE6071F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -938860147
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 364202967
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB6 0xC1 0xD3 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0xB6 0xBF 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x8B 0xA1 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB6 0xC1 0xD3 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0xB6 0xBF 0xE9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x8B 0xA1 0x22 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Taha\Desktop\[Full_Packaged_Product]_Reason_4.0_-_ReCycle_2.1_-_ReFill_Packer_3.0_-_ReFill_Viewer 0.2_-_Reload_1.0_[Propellerheads_Release]\x2122\Propellerhead ReCycle 2.1\Propellerhead ReCycle 2.1.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Taha\Desktop\[Full_Packaged_Product]_Reason_4.0_-_ReCycle_2.1_-_ReFill_Packer_3.0_-_ReFill_Viewer 0.2_-_Reload_1.0_[Propellerheads_Release]\x2122\Propellerhead ReFill Packer 3.0\Install ReFill Packer 3.0.exe 1
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-02 21:58:07
Windows 6.0.6002 Service Pack 2
Running: 3l8s53rl.exe; Driver: C:\Users\Taha\AppData\Local\Temp\pxlcquod.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 85EF2BF8
INT 0x62 ? 85EF2BF8
INT 0x72 ? 8447ABF8
INT 0x82 ? 8447ABF8
INT 0x92 ? 8447ABF8
INT 0x92 ? 8447ABF8
INT 0x92 ? 85EF2BF8
INT 0x92 ? 8447ABF8
INT 0xA2 ? 85EF2BF8
INT 0xB3 ? 85EF2BF8
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8859CFF8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8859D00C]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8859D05E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8859D086]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8859D072]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8859D04A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8859D036]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8859CFE4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8859D022]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8262788D 5 Bytes JMP 8859D062 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8266699A 5 Bytes JMP 8859D03A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8266B04F 5 Bytes JMP 8859CFE8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateUserProcess 8267D9D5 5 Bytes JMP 8859D026 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8269B372 1 Byte [E9]
PAGE ntoskrnl.exe!ZwRestoreKey 8269B372 5 Bytes JMP 8859D076 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8269C576 5 Bytes JMP 8859D08A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 826DA93F 5 Bytes JMP 8859CFFC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 826DA98A 7 Bytes JMP 8859D010 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 826DB443 5 Bytes JMP 8859D04E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\spog.sys Le chemin d'accès spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 8D34341B 5 Bytes JMP 85EF21D8
.text awnsulm0.SYS 887BC000 22 Bytes [82, 63, 42, 82, 6C, 62, 42, ...]
.text awnsulm0.SYS 887BC017 45 Bytes [00, 32, 27, F5, 87, 3D, 25, ...]
.text awnsulm0.SYS 887BC045 135 Bytes [E3, 4A, 82, 4C, FF, 4D, 82, ...]
.text awnsulm0.SYS 887BC0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text awnsulm0.SYS 887BC0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
? C:\Users\Taha\AppData\Local\Temp\mbr.sys Le fichier spécifié est introuvable. !
? C:\Users\Taha\AppData\Local\Temp\catchme.sys Le fichier spécifié est introuvable. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 844792D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [87E79C4C] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [87E79CA0] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87E496D2] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87E49040] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87E497FC] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87E490BE] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87E4913C] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 8447A2D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85EF22D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87E59048] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[NTOSKRNL.exe!KeTickCount] FFFFF104
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 85F892D8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74197817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [741EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7419BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7418F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [741975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7418E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7419DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7418FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7418FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [741871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7421CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [741BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7418D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74186853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7418687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74192AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84E111F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\fastfat \FatCdrom 845FB500
Device \Driver\volmgr \Device\VolMgrControl 8447C1F8
Device \Driver\usbuhci \Device\USBPDO-0 85F021F8
Device \Driver\usbuhci \Device\USBPDO-1 85F021F8
Device \Driver\sptd \Device\3050580583 spog.sys
Device \Driver\usbehci \Device\USBPDO-2 85F031F8
Device \Driver\usbuhci \Device\USBPDO-3 85F021F8
Device \Driver\PCI_PNP6569 \Device\00000054 spog.sys
Device \Driver\usbuhci \Device\USBPDO-4 85F021F8
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 85F021F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E681AA19-620A-46E3-8BE4-854AE145272C} 869B21F8
Device \Driver\usbehci \Device\USBPDO-6 85F031F8
Device \Driver\volmgr \Device\HarddiskVolume1 8447C1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8447C1F8
Device \Driver\cdrom \Device\CdRom0 85FAD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E0F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort2 84E0F1F8
Device \Driver\atapi \Device\Ide\IdePort3 84E0F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E101F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 84E101F8
Device \Driver\volmgr \Device\HarddiskVolume3 8447C1F8
Device \Driver\cdrom \Device\CdRom1 85FAD1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 869B21F8
Device \Driver\Smb \Device\NetbiosSmb 869C31F8
Device \Driver\iScsiPrt \Device\RaidPort0 85FE81F8
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 85F021F8
Device \Driver\usbuhci \Device\USBFDO-1 85F021F8
Device \Driver\usbehci \Device\USBFDO-2 85F031F8
Device \Driver\usbuhci \Device\USBFDO-3 85F021F8
Device \Driver\usbuhci \Device\USBFDO-4 85F021F8
Device \Driver\usbuhci \Device\USBFDO-5 85F021F8
Device \Driver\netbt \Device\NetBT_Tcpip_{AA5F1747-800F-4F3F-B4FA-703DE1C18B6D} 869B21F8
Device \Driver\usbehci \Device\USBFDO-6 85F031F8
Device \Driver\awnsulm0 \Device\Scsi\awnsulm01Port5Path0Target0Lun0 85F2E1F8
Device \Driver\awnsulm0 \Device\Scsi\awnsulm01 85F2E1F8
Device \FileSystem\fastfat \Fat 845FB500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\cdfs \Cdfs AE6071F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -938860147
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 364202967
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB6 0xC1 0xD3 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0xB6 0xBF 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x8B 0xA1 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB6 0xC1 0xD3 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0xB6 0xBF 0xE9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x8B 0xA1 0x22 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Taha\Desktop\[Full_Packaged_Product]_Reason_4.0_-_ReCycle_2.1_-_ReFill_Packer_3.0_-_ReFill_Viewer 0.2_-_Reload_1.0_[Propellerheads_Release]\x2122\Propellerhead ReCycle 2.1\Propellerhead ReCycle 2.1.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Taha\Desktop\[Full_Packaged_Product]_Reason_4.0_-_ReCycle_2.1_-_ReFill_Packer_3.0_-_ReFill_Viewer 0.2_-_Reload_1.0_[Propellerheads_Release]\x2122\Propellerhead ReFill Packer 3.0\Install ReFill Packer 3.0.exe 1
---- EOF - GMER 1.0.15 ----
Voici le scan DDS :
DDS (Ver_10-10-31.01) - NTFSx86
Run by Taha at 13:29:58,89 on 03/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.929 [GMT 1:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbfcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\Taha\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] Skytel.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\eNetHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-19 340592]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-11-9 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688]
R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-2-19 67904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-6-28 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-3-11 1527900]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-25 21504]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-19 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-19 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-19 64432]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-11-02 19:59:16 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-02 19:46:26 -------- d-----w- C:\ComboFix
2010-11-02 19:02:35 98816 ----a-w- c:\windows\sed.exe
2010-11-02 19:02:35 86528 ----a-w- c:\windows\MBR.exe
2010-11-02 19:02:35 256512 ----a-w- c:\windows\PEV.exe
2010-11-02 19:02:35 161792 ----a-w- c:\windows\SWREG.exe
2010-11-02 09:25:50 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bd58536f-e862-412b-8178-7841902e56c3}\mpengine.dll
2010-10-27 09:34:18 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 09:34:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-16 00:28:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-16 00:28:18 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-15 00:18:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17:40 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-15 00:17:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17:03 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16:45 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-15 00:16:45 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16:41 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16:39 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16:33 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16:28 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16:25 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16:20 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15:57 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15:55 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51:43 -------- d-----w- c:\users\taha\appdata\roaming\Apowersoft
2010-10-05 17:53:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53:19 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53:19 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53:19 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53:19 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2010-10-05 17:53:18 -------- d-----w- c:\users\taha\appdata\roaming\FreeFLVConverter
==================== Find3M ====================
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 13:30:59,67 ===============
DDS (Ver_10-10-31.01) - NTFSx86
Run by Taha at 13:29:58,89 on 03/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.929 [GMT 1:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbfcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\Taha\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] Skytel.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\eNetHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-19 340592]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-11-9 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688]
R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-2-19 67904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-6-28 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-3-11 1527900]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-25 21504]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-19 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-19 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-19 64432]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-11-02 19:59:16 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-02 19:46:26 -------- d-----w- C:\ComboFix
2010-11-02 19:02:35 98816 ----a-w- c:\windows\sed.exe
2010-11-02 19:02:35 86528 ----a-w- c:\windows\MBR.exe
2010-11-02 19:02:35 256512 ----a-w- c:\windows\PEV.exe
2010-11-02 19:02:35 161792 ----a-w- c:\windows\SWREG.exe
2010-11-02 09:25:50 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bd58536f-e862-412b-8178-7841902e56c3}\mpengine.dll
2010-10-27 09:34:18 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:34:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 09:34:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-16 00:28:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-16 00:28:18 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-15 00:18:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-15 00:17:40 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-15 00:17:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 00:17:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 00:17:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 00:17:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 00:17:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 00:17:03 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 00:16:45 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-15 00:16:45 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-15 00:16:41 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-15 00:16:39 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 00:16:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 00:16:33 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 00:16:28 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 00:16:25 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 00:16:20 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 00:15:57 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-15 00:15:55 389632 ----a-w- c:\windows\system32\html.iec
2010-10-15 00:15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-05 18:51:43 -------- d-----w- c:\users\taha\appdata\roaming\Apowersoft
2010-10-05 17:53:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-10-05 17:53:19 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-10-05 17:53:19 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-10-05 17:53:19 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-10-05 17:53:19 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-10-05 17:53:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-05 17:53:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2010-10-05 17:53:18 -------- d-----w- c:\users\taha\appdata\roaming\FreeFLVConverter
==================== Find3M ====================
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 13:30:59,67 ===============
Désinstalle combofix en suivant cette procédure:
Menu démarrer puis exécuter
Tape maintenant Combofix /u dans la fenêtre que apparaît puis valide par OK. Veille à bien laisser un espace entre le X et le /U, car cela est nécessaire ici.
![]()
Supprime tous les programmes installés pour la désinfection.
Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.
![]()
Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.
Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.
Lire aussi: Antispyware gratuit : ça sert à rien!
~Edite ton premier message et marque [résolu] dans le titre.
Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.
![:hello:]( ":hello:")
Supprime tous les programmes installés pour la désinfection.
Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.
Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.
Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.
Lire aussi:
~Edite ton premier message et marque [résolu] dans le titre.
Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.
Lassé par la pub ? Créez un compte
- Contenus similaires :
- solutionsPlusieurs processus chrome.exe
- ForumPlusieurs processus svchost.exe
- ForumPlusieurs processus iexplore exe
- ForumPlantage processus explorer exe au demarrage
- ForumPlusieurs processus chrome
- ForumPlusieurs processus svchost
- ForumPlusieurs processus svhost
- ForumPlusieurs processus iexplore
- ForumPlusieurs svchost.exe processus
- ForumPlusieurs iexplore.exe dans processus
- Voir plus
